Top Cyber News Magazine Daniel Ehrenreich

MAGAZINE
TOP CYBER NEWS
OCTOBER EDITION
HOW DANIEL EHRENREICH IS DEDICATING HIS EXPERTISE FOR TRAINING ENGINEERS ON INDUSTRIAL CYBER SECURITY, AS NEEDED FOR
DEPLOYING AND MAINTAINING MODERNIZED SYSTEMS AND PROCESSES, REACHING HIGHER PRODUCTIVITY AND ASSURANCE OF
OPERATING SAFETY, RELIABILITY AND PRODUCTIVITY (SRP).
FUTURE OF
INDUSTRIAL
CYBERSECURITY
THE
GLOBAL TREATY FOR CRITICAL
INFRASTRUCTURE PROTECTION
EXCLUSIVE ARTICLE BY EMILIO IASIELLO
DANIEL EHRENREICH
CHIEF SECURITY OFFICER
SECURE COMMUNICATIONS
& CONTROL EXPERT
HOW TO IMPROVE IT, OT AND INDUSTRIAL
CONTROL SYSTEMS SECURITY

ERASE
TOP CYBER NEWS MAGAZINE - October 2021 - All rights reserved 2
BARRIERS
REMOVE
TRUST
FUTURE
GAPS
RAISE UP

3
EMO Milano & Siemens AG
Machine Tool Days 2021

About Daniel Ehrenreich
Daniel Ehrenreich, BSc. is a leading Industrial Control System
(ICS) expert and acting as consultant and lecturer at Secure
Communications and Control Experts (SCCE) consulting entity,
based in Israel.
Periodically conducting workshop sessions via Internet and in
person for educating international participants on ICS cyber
security risks and defense measures for a broad range of ICS
verticals.
Studied CISSP in 2014 and is certified as a Lead Auditor for the
ISO 27001-2013 standard by the Israeli Institute of Standards.
Daniel has over 30 years of engineering experience with ICS for:
electricity, water, oil and gas and power plants as part of his
activities at: Tadiran Electronics, Motorola Solutions, Siemens and
Waterfall Security.
Reselected as the Chairman for the 6th ICS Cybersec AI&ML 2021
hybrid conference, organized by People and Computers. This year
the conference is scheduled to take place in Israel on 27-10-2021.

The current pace at which we have
been embracing technology in our
professional & personal life demands
‘cognitive agility’ on our part i.e. a
reasonably good speed with which
we can change and adapt to the new
norms. I am hopeful that few pointers
below will help position ourselves
better:
The manifold increase in
disinformation and deepfake
media across the digital world will
test our abilities to separate voice
from noise. Our ‘common sense
approach’ to cybersecurity and
attempts to stay safe online will be
put to test, by lazy and creative
cybercriminals, who will be better
armored with automated tools &
techniques.
“Trust will be one of most valuable
& difficult instincts to find and part
with”; eventually assessing our
abilities to conduct ‘due diligence’
and verify.
We are at a juncture in this
‘transition’ where awareness and
adoption of cybersecurity basics
will help us navigate more swiftly &
safely through the dynamic digital
world ahead.
Recent cyber incidents illustrate the
fluidity and ease with which
cybercriminals(Nation-
state/Other)have dented the well-
connected and ever-sensitive critical
infrastructure ecosystem. These
events serve as important cues for
both private and government
stakeholders to cohesively work
towards improving the cyber
resilience of critical infrastructure
systems across the globe.
Just as protection of 'natural
chokepoint straits' along the global
shipping lines is vital for an efficient
global supply chain/trade of essential
commodities, the security of critical
infrastructure resources is
imperative to the well-being of
citizens across nations.
Heightened alert and awareness of
threats facing Critical
infrastructure combined with
collaboration and trust among
stakeholders to improve the cyber
resilience of critical infrastructure
networks is an inevitable need during
these times.
Kris® K ✔, MBA, MS - Cybersecurity,
IT Service Management, InfoSec and
Project Management Professional
Industrial Control Systems (ICS)
Cyber Security
Editorial by Kris K.
Cybersecurity Management professional

Understanding
Industrial Control Systems
Cyber-Attacks and Defense Measures
Introduction
The growing number of cyber-attacks on Industrial Control Systems (ICS)
operating in broad range of industrial, communications, utility and
manufacturing applications is raising an important question: Do we correctly
understand the cyber-attack surface and the potential risks to our
organizations? Who might initiate an attack, why a specific victim might be
selected, what resources are required and how motivation of an attacker may
be created?
Cyber security experts know well that it is impossible protecting all facilities
and all zones in each facility with the strongest defense measure. Therefore,
organizations shall hire experts and allocate resources to understand the
possible attack environment.
Figure 1 below is outlining the risk evaluation process for defending specific
zones in a plant. The goal of this paper is to help the reader understanding the
organization environment and select the strongest, most affordable and
justifiable cyber defense for each zone.
Figure 1. Risk evaluation process for industrial facilities
Author: Daniel Ehrenreich

Understanding ICS Cyber-Attacks and Defense Measures
Analyzing The Risk Map
We all know that physical and cyber security are strongly linked to business risks and to
operation safety. Understanding the risk map outlined above helps analyzing the actual risk
factors and help selecting specific cyber defense measured aimed to assure business
continuity and safety to people. The center of the map is outlining the risk assessment
process such as outlined by the Lockheed Martin Cyber Kill Chain, the MITRE Adversarial
Tactics, Techniques, and Common Knowledge (ATT&CK) process, etc. On the left side of
the grey-colored cloud are shown the Security Levels (SL), as defined by the ISA 62443
international standard. Further on left side are outlined specific targets of an attacker and on
the right side of the chart are listed possible impacts caused by a cyber-attack on an
industrial facility.
IT Oriented Goal of Attackers
The IT systems must protect the Data, Privacy and Money through the
Confidentiality, Integrity and Availability (CIA) Triad. However, on many occasions we
get surprised seeing IT systems which are not accurately documented, not updated to
prevent exploitation of published vulnerabilities and critical findings and conclusions from
the recent cyber security assessment were not implemented. It reflects on the negligent way
how organizations are referring to cyber security risks.
ICS Oriented Goal of Attackers
When dealing with cyber security for industrial plants, such as described above, we shall
not rotate the CIA letters as often proposed by IT experts, but we shall point to the Safety,
Reliability, Productivity (SRP) Triad. To comply with the SRP, the design must assure
that authorized employees or attackers cannot damage the machines and machines can not
hurt people. Meeting these goals require in-depth understanding of security guidelines such
as defined by the ISA 62443 standard.
Internally Generated cyber attacks
Although the impact can be similar, experts must clearly differentiate among internally
and externally generated cyber-attacks. Important to realize that operation safety can not
be assured without cyber security and furthermore, cyber security can not be assured
without physical security. Therefore, physical security is a strong precondition for
preventing internally generated attacks and risk to safety.
Externally Generated cyber attacks
In contrary to above, externally generated attacks start with Social Engineering, such as
phishing, spear phishing, etc. The initial goal of attackers is to penetrate to the IT system,
stay there for 150-200 days, collect detailed information on the ICS process, compromise
the barrier between the IT and the ICS zones and finally manipulate the process to generate
outage or damage and harm people.

Understanding ICS Cyber-Attacks and Defense Measures
Supply-Chain Originated cyber attacks
The supply chain related risks were recently added to the list of attack vectors, side by side
with internally and externally generated cyber-attacks. These risks are referring to suppliers
of control devices, who might ship malwaretized devices or programs. Furthermore, during
COVID-19 we must refer to risks caused by external service providers who are allowed to
connect remotely to the industrial zone.
Practical ICS Cyber defense measures
The well-known sentence says:” There is no Silver Bullet for protecting computerized
and communications-based systems” and therefore you must deploy layered defense.
According to the People, Policies, Technologies (PPT) Triad, employees must be trained for
higher level of awareness and enhanced capability to detect cyber-attacks, minimize
damages, deployment of effective and enforceable policies and finally implement
technologies suitable for defending each zone in the organization.
To minimize the risk, system designers may deploy encryption and authentication of
connecting service computers and authenticating the connecting service engineers.
Among specific technologies they may consider deployment of Intrusion Detection
Systems (IDS), Unidirectional Diodes, ICS oriented Next Generation Firewalls (NGFW),
Whitelisting, Security Intrusion Event Management (SIEM) and deploy connection to the
Security Operation Center (SOC) operated by the organization or an external service
provider. When relying on 3rd party maintenance, operators must request that remote
connection shall be supervised and allowed only by using a service computer which is not
used for other purposes.
Summary and Conclusions
“The consequences of cyber security risks are very much different between IT
and ICS, and therefore, the cyber security risks assessment methods must be
different as well.
The broadly used CyberPHA methodology offers a “consequence driven method” to assess
industrial security risks. It is a more rigorous method compared to those used for IT
systems. It aligns with the ISA/IEC 62443 standard Section 3-2 and provides clearly-to-see
links to hazard analysis and consequences of cyber-attacks. Adherence to adapted methods
and applicable best practices may help you achieving stronger cyber security by being a big
step ahead of hostile attackers. Senior management in every organization must allocate
resources for training of employees, business continuity assurance and for operating safety
assurance in their facilities.

Adding AI & ML
Enhance of Weaken the ICS Cyber Security?
Introduction
Industry experts worldwide are enthusiastically talking about modernizing their
operations towards achieving higher quality and productivity. This trend is so
clear, that we can hardly think of anyone who might question the validity of the
Industry 4.0 methodology. However, in order doing that correctly, this process
must start with correctly defined goals and shall be conducted by joint efforts
of IT and Industrial Control Systems (ICS)/Operation technology (OT),
vendors and expert integrators.
Deployment of Industry 4.0 related solutions requires upgrading the capacity of
the computing process, adding sensors and field controllers, upgrading the
Automation Servers (AS) and more. Furthermore, it requires adding many
Industrial Internet of Things (IIoT) devices for collecting more granular and
accurate data.
Adding Artificial Intelligence (AI) and Machine learning (ML) solution to the
ICS architecture is aimed to enhance that overall productivity, detect failure
conditions faster, detect cyber attackers who already penetrated to the system.
But on the other hand, adding of new components and processes, which are not
directly essential to the industrial process, might increase the cyber-attack
surface.

Adding AI & ML Enhance of Weaken the ICS Cyber Security?
Briefly on AI & M: From an expert/researcher/system architect point of view,
AI is a set of algorithms that can analyze specific input values and conditions
and may create intelligent results that enhance the ICS operating performance.
AI-based processes can act fast, and initiate and perform tasks intelligently,
even without being requested. Utilizing ML and Computerized Vision, an AI-
based industrial operation may act similarly to humans.
The ML is a subset of AI, and it defines the ability to learn from monitored
behavior, rather than just instructions. Its algorithms may automatically learn,
create updated baselines and steadily improve the effectiveness industrial
plants. The ML process is constantly learning by analyzing the available data
from devices and ICS processes and comparing it with previously collected data
for better supporting the AI process.
The Future of AI related to ICS
The breakthrough innovations created by AI and ML have emerged to a huge
hope for organizations across the world. The integration of Industrial Internet of
Things (IIoT), AI and ML originated processes into the ICS operating
architecture, allows for big data analytics thus it is positively impacting the
process and machine-based industrial operations.
As these trends continue evolving, they will have strong impact on achieving
higher productivity, production quality and profitability of plants. Organizations
may enhance their existing processes and generate new processes such as were
unavailable before. Achieving higher production rate and quality may help
increasing the selling prices and the overall profitability.

Adding IIoT devices to the ICS architecture
Consequently, ICS architectures must be expanded with many IIoT devices,
which increase the cyber-attack surface and cyber security risks. To evaluate the
increased probability of an attack caused by adding these devices, we must
review the following risk factors:
1. Which of the IIoT units are installed inside or outside the secured perimeter?
2. Are they logically and physically connected to a single zone or multiple zones?
3. Are these IIoT devices directly connected to the ICS, or they reside in the cloud?
4. Are these IIoT allowed communicating each with other or always through ICS?
5. Which IIoT devices are part of the critical process, and which are not?
When scrolling through the questions listed above, we realize, that the ICS has
no longer a solid hierarchical structure as described by the Purdue Model.
Therefore, ICS experts shall review the cyber defense and safety-related
challenges and critical topics (partial list):
1. Are the benefits achieved by deploying new IIoT devices outperform the
increased risks?
2. Are these IIoT deployed securely in a way they do not increase the cyber-attack
surface?
3. Can the IIoT security challenges be reduced by cost-effective complementing
measures?

Can AI evolve the cyber defense?
Cyber defense measures and mechanisms such as Deep Packet Inspection (DPI), Data Leak
Prevention (DLP) and Intrusion Detection systems (IDS) may perform analysis of the
transferred data among zones which have different level of criticality. Their efficiency can
be enhanced by availability of highly granular process data.
The output data available from AI processes can upgrade the detection capabilities of cyber
defense measures and reduce the number of False Positive indications. Furthermore,
important mentioning, that adding AI based processes may specifically upgrade the cyber
defense for legacy installations without affecting their process.
Can AI weaken the cyber defense?
This title sound like contradicting to the previous paragraph, which listed the positive
contribution of the AI to stronger cyber defense. ICS cyber security experts know-well, that
every software-based defense or a new device or process can be compromised.
For example, if the AI based process is targeted for manipulation, it might lead to
unexpected shutdown even if no harm happened or it might create hiding of a cyber-attack
or an internal sabotage. Consequently, to compensate for these weaknesses, the cyber
defense architect must add new compensating defense measures.
Maintaining Cyber Secured operation
Process improvement and Industry 4.0 modernization are important initiatives and therefore
are granted strong support by the management. However, none is allowed to introduce these
solutions if they increase the cyber security risk beyond acceptable level.

Cyber Consequently, organizations must adhere to best practices,
such as listed below:
1. Maintain in-depth understanding of the ICS process and the internal sessions among zones.
2. Physical security of ICS facility and IIoT devices is a strong precondition to cyber security.
3. Correctly designed ICS architecture and cyber defense are strong preconditions to safety.
4. The ICS data may converge with the IT data, but the IT and OT networks must not converge.
5. Perform periodic trainings a drills to all involved employees and external service providers.
6. Maintain close collaboration and cross team assistance among ICS and IT security experts.
7. Make sure that all devices and network components are properly updated and patched.
8. Adhere to Secure Development (SD) for ICS and AI based and cyber defense processes.
9. Perform segregation among zones which are not required communicating each with other.
10. Perform encryption of channels which are communicating ICS related critical data.
11. Perform strong authentication of all connected devices, including service computers.
12. Perform cyber security and risk assessment according to the ISA/IEC 62443 standard
13. Deploy Business continuity (BCP) and disaster recovery (DRP) processes.
14. Deploy Incident response (IR) processes and conduct periodic drill for the assigned team.
15. Above action shall prepare you organization for effectively responding to the unexpected…
Summary and Conclusions
The deployment of modernized AI based industrial operations is a highly important
initiative and organization must plan for that ahead of time. Handling of Industry 4.0
related processes must be in line with the ISA-IEC 62443 cyber security regulations. IT and
ICS teams must closely collaborate during modernization of the processes and make sure
that modernization is not creating cyber security risks. The management in industrial
organizations must adhere to ISO 27001-2013 section 5 para 1 and provide the needed
resources and budgets for maintaining a strongly secured industrial operation.

Exceptional Cyber
Threats Call for
Exceptional Cyber Security Leadership
Author: Alex Antar
“Ultimately, responsibility for security of the company’s crown jewels lays on
the hands of the Board, the CEO and the senior leaders in that order.”
- Alex Antar, Global Audit Platform Programme Manager at Mazars, Global IT Innovation
Business Partner at Unilever
There is sadly a broad consensus that these are
clearly tough times for political, business and cyber
security leaders both in the public and private
sectors because their cyber security postures are
proving again and again to be a no match for
cybercriminals. So much so that it’s so stressful and
heart breaking to sit on the ejection seat/chair of a
CISO today. So, admittedly, leaders across all
business sectors are undergoing soul searching to
raise the standards and maturity of their cyber
security postures. And there are indeed some signs
of hope out there because recent research shows that
the “dwell time” – an important KPI measuring how
long a malicious criminal or malware has been
hiding inside the network - has been decreasing
drastically over the recent decade. The global
median cyber-attack dwell time is about 24 days
according to Mandiant’s 2020 report. However, the
staggering high number of cybercrimes hurting
indiscriminately all kinds of firms worldwide
including deep pocket corporations and state
agencies, indicates that cyber security defence
postures based on conventional frameworks are not
enough. It is safe to say that, in this ever-ending
evolutionary cat and mouse chase drama, business
leaders can only be the losers here because they are
far too slower at adapting new security defence
technologies and standards than even the
nonprofessional cybercriminals; never mind the
advanced state funded groups. It’s a fact.
Understandably, holding internationally recognised
cyber security certifications such as ISO 27001,
NIST CSF, SOC2, etc are a good 1st impression
about the maturity of a cyber security posture. Yet,
these certifications, even when they are audited by
external independent auditors, can be considered
kind of like the cover of a book; Except that smart
cybercriminal do not judge the book by its cover.
The fact of owning those security certifications or
lack of major cyber-attack incidents within a
company do not by any means constitute
invincibility. They often provide a false positive
confidence. A breach is simply a matter of time.
There are also numerous other factors impacting the
efficacy of security operations such as the high
internal technical & organizational complexity, lack
of skilled resources, siloed heterogenous IT & ICS
systems; not to mention the high number of daily
timewasting false positive security alerts. On the
opposite side there is the relentless sophistication in
cyber-attacks combined with a worldwide
availability of free & cheap hacking tools.
It’s a no brainer that implementing a cyber security
posture that is well staffed and that closely tracks
and adopts the latest tools, vulnerability mitigating
solutions, techniques, tactics and procedures (TTPs)
is not an option for any respectful business leader
today. Hence the relevance of for instance
implementing “adversarial” led defence frameworks
such as MITRE ATT&CK as the basis for building
cyber threat & vulnerability heatmaps and related
mitigating measures as well as CTI, purple, red and
blue teaming, etc.
Knowledge is power. The strength of adversarial
oriented frameworks such as MITRE ATT&CK
comes from an intricate knowledge of the TTPs used
in every single cybercrime discovered in the real
world. Business leaders must acknowledge the fact
that exceptional sophisticated cyber-attacks call for
exceptional cyber defence measures due to the ever-
growing distributed nature the attack surface, users,
networks, endpoints.

So, here after are some of my tips from the cyber
security trenches:
1. Zero Trust must be implemented throughout all
endpoints, physical and logical IT environments;
2. Adopt Secure Access Service Edge (SASE). Your
SASE architecture must overlay zero trust across all
the relevant data service layers: Firewall as a Service
(FAAS), Secure Web Gateway (SWG), Cloud Access
Secure Broker (CASB), Data Loss Prevention (DLP),
Zero Trust Network Access, Browser Isolation, DNS
security, etc. These must be orchestrated from an all-
in-one integrated platform;
3. Adversarial TTP centric defence posture (the
MITRE ATT&CK framework is highly recommended)
to be combined with demonstrable and auditable
security compliance certifications based on robust
frameworks such as ISO27001 and NIST CSF;
4. Dedicated CTI teams with frequent threat hunting
exercises using red, purple and blue teaming using
MITRE ATT&CK;
5. Build & share the cybersecurity heatmaps (based
on the latest MITRE ATT&CK TTPs) with the board
& senior leadership;
6. For data privacy compliance, implementing an
existing mature internationally recognizable auditable
privacy framework is a must. For companies already
familiar with ISO 27001, it makes sense to implement
the ISO 27701 extension as it is a natural expansion as
the formatting of ISO 27701 requirements and controls
maps directly to the ISO 27001 standard. Also, there
are other quite mature candidate data privacy
frameworks such as the BS10012 or the NIST Privacy
Framework;
7. Reduce attack surface as much as possible and
regularly assess it using the MITRE ATT&CK;
8. Complexity and siloed monitoring systems must
be avoided at all cost by implementing fully integrated
SASE & SOAR, ICS and Cloud specific monitoring &
threat detection based on adversary behaviours as per
the MITRE ATT&CK matrix to enable a live and
contextual cyber kill chain framework;
9. Develop cyber-attack recovery plans & play
books as part of business continuity and make sure to
frequently practice attacks against them;
10. Regularly update your incident response
playbooks and practice attack against them;
11. Provide innovative training and awareness
campaigns to all employees on at least a monthly,
quarterly and annual basis;
12. Implement encryption and anonymisation
solutions for both data at rest and in transaction;
Alex Antar, Global Audit
Platform Programme Manager at
Mazars, Global IT Innovation
Business Partner at Unilever
Let’s be honest, IT transformational changes are
notoriously challenging and cyber security
programmes are even harder for one obvious reason:
It’s the usual mistake of building weak security
defense postures that is unforgiving at multiple
levels. Do we need to say more? Ladies &
Gentlemen, these the words of Alex Antar, a true
outstanding global IT leader who has earned a
reputation for spearheading game changing IT
initiatives in cyber security, cloud technology, ERP,
IT infrastructure, data centres, Data Analytics, AI,
ML, IoT…Alex leads global multidisciplinary teams
& programmes for companies in high-tech, banking,
retail, insurance, healthcare and other industries.
He’s been doing this for over 20 years across five
continents. His clients include PwC and other
Fortune 500 companies such as Dell EMC2,
PepsiCo, Mazars, Unilever, Amadeus, etc.
Alex is known for his pragmatic strategic and
tactical planning, risk mitigation, quality assurance,
unparalleled team leadership and expert navigation
through complexity and high pressure. He is passion
for sharing his knowledge and experience led him to
several IT conference events as a guest speaker. In
the process, he also authored & published an IT
book “The Art of Benefits Realization
Management” available on Amazon.com. Alex’s
next book “Resilient Cyber Security Postures” is in
the pipeline and he’s hoping to release it in the
coming weeks.
Alex hobby passion is advocacy for eco-action
around the world. By the way, all the proceeds from
his books go to planting trees programs in support
for our ailing mother Earth under his own green
“Ethical Panda” company. His green Ethical Panda
Logo looks cool! And he’s proud of it.
Under his belt has a number of impressive IT
certifications such CISM® Certified Information
Security Manager / CRISC® Certified in Risk &
Information System Control / MITRE ATT&CK
Defender™ SOC Assessment / ATT&CK Cyber
Threat Intelligence / AGILE SAFe Scrum Master /
ITIL4 / PRINCE2 / Portfolio, Programme and
Project Offices (P3O®) / COBIT 2019 / 6 Sigma
(6σ) Black Belt. Simply drop Alex a message and he
will be happy to help.

Time to Protect
Critical Infrastructures
from Ransomware Attacks in India
Author: Colonel Inderjeet Singh
“IT and OT network boundaries have increasingly blurred. Though, OT networks rarely
require any outside network connectivity to operate seamlessly, however, they are
frequently connected for updates and patches, and pose real risk and threats to the OT
networks against cyber-attacks if overlooked.”
- Colonel Inderjeet Singh, the Chief Cyber Security Officer & Head of the
Cyber Security Center of Excellence @ Vara Technology
Last decade, we have seen unprecedented growth in
India’s infrastructure across various sectors - Power
generation and transmission, Transportation,
Railways, Seaports, manufacturing,
telecommunications networks, to name a few. Intact,
all sectors have significantly witnessed
enhancements. This has augmented and contributed
to the Indian growth story. This has brought in
opportunities and challenges. It is imperative and of
utmost importance to safeguard these critical
infrastructures from cyber threats. To ensure this, the
Indian Government has declared them as critical
infrastructure and has put adequate plans in place to
secure them from cyber-attacks as they paramount
important for national security.
IT and OT network boundaries have increasingly
blurred. Though, OT networks rarely require any
outside network connectivity to operate seamlessly,
however, they are frequently connected for updates
and patches, and pose real risk and threats to the OT
networks against cyber-attacks if overlooked.
While we see an increase in Ransomware attacks
increasing multi-fold all over the world, Indian
Critical Infrastructure too is vulnerable. Recently,
Recorded Future, a cyber-security firm based out of
Massachusetts, raised the concern of an increase in
cyber intrusions attempts from China to target
India’s critical infrastructure – electric power
generation and transmission, and seaports. China-
linked threat activity group ‘RedEcho’, targeted the
Indian electric power grid sector and seaports
through malware conducted many campaigns to
target them.
This type of deliberate targeting of India’s power
grids and financial infrastructure by China is very
unusual and concerning.
Cyber-attacks on Indian critical infrastructure are
not new, in the recent past, Kudankulam Nuclear
Power Plant was cyber-attacked by a suspected
North Korea-based Lazarus hackers group in
September 2019 was intended specifically for cyber
espionage. India has to now really work on a fast-
track mode to safeguard its critical infrastructure
from cyber-attacks. There may also be a need to
look into the likely supply chain attacks on critical
infrastructure. In case, anyone in the complete
supply chain is hacked, entire systems would be
compromised.
At the national level, the Indian government has
created National Critical.
Information Infrastructure Protection Centre
(NCIIPC) and is the National Nodal Agency in
respect of Critical Information Infrastructure
Protection. NCIIPC has broadly identified the
following as “Critical Infrastructure”.
Power & Energy
Banking, Financial Services & Insurance
Telecom
Transport
Government
Strategic & Public Enterprises

Unfortunately, staff who are responsible for
managing cybersecurity OT networks often overlook
the security implications of unpatched and not
updated System Applications and Operating Systems
(OS) in sectors such as energy, manufacturing,
healthcare, transport considering these networks to
be already air-gapped and void of getting cyber
attacked.
However, with the paradigm shift towards disruptive
technologies in OT networks and the proliferation of
Industrial IoT (IIoT) devices in the last couple of
years, we are seeing a growth in the number of
connected devices that have accelerated the
convergence of the once air-gapped IT and OT
Networks.
It is required to immediately have a look at the
cybersecurity of OT networks and protect Critical
Infrastructure from cyber threats. An opportune time
to leverage Artificial Intelligence and Machine
Learning that can assist in automating the detection
and response to improve cyber defenses. Newer
innovations in cybersecurity solutions for endpoints,
firewalls, antivirus and anti-malware software, and
encryption can also be factored in to harden critical
assets against attacks.
The one suggested option is to install a data diode
firewall between IT and OT networks, which would
ensure the required air gap between IT and OT
networks and at the same time permitting the staff to
carry out Software patching, OS, and Application
updating, Historian and Active Directory Backup
and remote view of OT networks as and when
required without much of hassle. In addition, harden
the OT networks and control systems against risks
and vulnerabilities that can be introduced through IT
networks, else OT networks would remain at
indefensible levels of cyber risks.
Colonel Inderjeet Singh
Chief Cyber Security officer, Vara
Technology Pvt Ltd
Colonel Inderjeet Singh is the Chief Cyber Security
Officer and Head of the Cyber Security Center of
Excellence at Vara Technology. In this role, he is
instrumental in building the Cyber Security Business
Unit for the Group. He is working on the disruptive
technologies in the Cyber Security Space for
securing IT networks, Smart cities, and Critical
Information Infrastructure.
Colonel Inderjeet Singh served in the Indian Armed
Forces, is an Alumnus of Indian Institute of
Technology, Kharagpur and Symbiosis Institute of
Management, Pune.
He is an experienced Information Systems
professional with experience of more than 29+ years
across a wide spectrum of areas spanning
cybersecurity operations leadership and influencing
policy level decisions in multiple organizations.
Throughout his career, he has parlayed his extensive
background in security and deep knowledge to help
organizations build and implement strategic
cybersecurity solutions.
Inderjeet has held prestigious appointments while in
the Indian Army and has also served in the United
Nations Mission in the Democratic Republic of
Congo. Later, he has been a CIO of an E-Commerce
Company.
Colonel Singh is visionary for Start-Up Incubation,
Entrepreneurship Development, Strategic
Consulting, and New Technology Evaluation for
commercial viability. He is a Subject Matter Expert
on the latest Disruptive Technologies.
Prominent Cybersecurity leader, Colonel Inderjeet
Singh has consistently delivered mission-critical
results in the field of Information Security
Management, Cyber Security, Cyber Warfare and
Cyber Risk Management, Blockchain, Data Science,
and Smart Cities.

Critical infrastructures remain high-value targets for hostile cyber actors whose operations
support a wide variety of activities meant to extort money, steal data, and/or interrupt their
operations. Their assets, systems, and networks are considered vital to supporting civilian
populations, and as such, any potential disruption to ICS activities can cause far-reaching
impacts to industry supply chains.
The U.S. Department of Homeland Security (DHS) has identified sixteen sectors that
fall under the rubric of critical infrastructure, the degradation of which could affect the
public safety, economic security, and/or national security. The attacks against these vital
systems continues to increase, a worrisome development as more actors seek to exploit
ICS to support their various activities.
Cyber criminals have turned to critical infrastructure organizations in order to exploit for
substantial financial profit. These criminal elements have engaged in “big game hunting” –
a term defining these actors attempts of going after large organizations for the purpose of
stealing high-value assets or data. Ransomware gangs gained notoriety in this capacity,
compromising critical infrastructure organizations and stealing their data before encrypting
systems. They post some of the data on a leak site in an attempt to further coerce victims
into paying large ransom demands or else risk exposing the data to the public. Russian
ransomware gangs in particular garnered substantial attention after compromising two U.S.
companies – Colonial Pipeline and JBS – eliciting attention from the highest levels of the
U.S. government. These incidents served as catalysts for U.S. President Biden to meet with
his Russian counterpart in June 2021 and hand him a list of 16 sectors that Russian
ransomware gangs should not target.
Critical Infrastructure
Protection Needs
an International Treaty Like Cybercrime
Author: Emilio Iasiello
“Ransomware attacks increased by over 300% last year as companies
switched to remote work. Today, ransomware gangs are becoming more
aggressive: stealing and/or leaking data or locking your systems or files in
exchange for ransom payments”
~ Dr. Nikki Robinson

Critical Infrastructure Protection Needs an International Treaty Like Cybercrime
The tactic has been viewed as questionable, as it suggests that any other target is “viable”
for Russian ransomware gangs, so far it has proven successful. BlackMatter, a new
Russian ransomware gang that emerged shortly after the meeting published a manifesto that
it would not target organizations in nuclear power, power, oil and gas, healthcare, or
government institutions. Although BlackMatter did exploit NEW Cooperative, a U.S. food
and agriculture organization, the organization’s industry was not on the “no attack” list
provided by BlackMatter, indicating the gang would honor its commitment. While this
sounds promising, any deviation from their list depends on the group’s intent, as such lists
are subject to modification due to a variety of motivating factors including U.S.-Russia
geopolitical relations. Nevertheless, it appears a promising détente, but one that is only
reserved for Russian ransomware actors and not those of other nationalities.
But such understanding with part of the cyber criminal ecosystem does not include other
hostile actors operating in cyberspace. The biggest threat to critical infrastructure and ICS
stems from nation state actors whose intentions are to exploit these vital networks for the
purposes of maintaining a presence for further exploitation, data modification, disruption of
activities, or destruction of ICS components. For example, in early 2021, Chinese cyber
espionage activity dubbed “RedEcho” compromised several power entities for the purpose
of maintaining access that could be used for further exploitation or disruptive attacks. In
2020, suspected Iranian actors exploited Israeli water treatment facilities, and in one
instance, tried to modify chlorine levels in the water supplied to Israeli homes. In 2015,
Russian cyber actors executed attacks that impacted Ukraine’s power sector, causing power
outages for civilians. Finally in 2010, alleged U.S.-Israeli join operations successfully
deployed Stuxnet for the purposes of damaging centrifuges used in the nuclear enrichment
process.
What is clear is that critical infrastructure will remain a popular option for cyber
malfeasance for both state and nonstate actors largely because the success of their
operations satisfies the intent and motivation of the actors.
The complexities of the networks, legacy systems, and lack of any meaningful
standardization of cyber security measures, incentivization for infrastructure owners, or
penalties for those not maintaining proper cyber security hygiene has created an
environment rich for targeting. It seems that while the majority of the world views critical
infrastructures as vital to their respective state securities, there has been little headway in
trying to come together in an effort to create a treaty to address the various cyber attacks
suffered by critical infrastructures. The more critical infrastructures are victimized without
meaningful repercussion, the more emboldened actors will be in pushing the envelope with
their activities.
by Emilio Iasiello

Critical Infrastructure Protection Needs an International Treaty Like Cybercrime
If the 2021 Biden-Putin summit continues to yield positive results, a similar one-on-one
approach may be applied against other governments that seemingly have influence over
their respective hacking communities. China immediately comes to mind, but so do other
authoritarian states that are either sponsored by the government or operate on the basis of
patriotism or nationalism. As a result of the 2021 summit, the United States and Russia
have engaged in cybersecurity talks, an encouraging development between two of the
world’s leading cyber powers. More discussions may reduce uncertainty of activities
attributed to either government, and decrease potentials of more disruptive follow-on cyber
activities. Ultimately, time will judge if this engagement yields fruit or fails short of its
goals, and the proof will be in how the cyber crime ecosystem responds to these behind-
closed-door meetings.
Regardless, “the timing is right to bring likeminded international stakeholders together to
collaborate on finding ways to harmonize their national laws and improving fast and
efficient joint investigations of incidents against critical infrastructures.”
The Council of Europe’s Convention on Cybercrime can provide a good model on how
such a treaty could start to be formulated. By establishing a “common criminal policy” that
focuses on critical infrastructure, states will be better able to codify the threats, and develop
the conditions necessary to protect them. This will help formulate how states will be able to
“legally” target critical infrastructures in the future, particularly when it comes to self-
defense and proportional response. All states in the world are reliant on critical
infrastructure, so it behooves everyone to find common ground on reducing hostile cyber
activity directed against these assets. This should be an easy win, and one that feeds larger
world discussions on controversial topics such as cyber sovereignty, Internet governance,
and the elusive state norms of behavior in cyberspace.
Failing to make any progress in this area is a serious misstep. Critical infrastructure attacks
are becoming far too common, and the impacts are increasingly becoming more dangerous.
The last thing any country needs is to convey a sentiment of acceptance in allowing the
victimization of their critical infrastructures. Once that Pandora box is open, it will be
impossible to close.
by Emilio Iasiello
Cyber Intelligence Consultant & Published Author, Emilio has nearly 20-
years’ experience in cyber intelligence & cyber threat analysis having
worked in both the public & private sectors. He currently supports a large
multinational energy company. A fervent advocate of applying strategic
thought to countering cyber threats, Emilio fervently believes that
understanding past activity & TTPs are the best way to anticipate future
activity. Applying a behavioral approach to cyber security is instrumental in
understanding the mindset and TTPs of hostile actors. This can be taught to
end users to increase organizations security training, inform threat hunting
teams, and enrich C-suite understanding of the threat. Embracing intelligence-driven measures such as
cognitive and behavioral analysis will complement the technical. Only multifaceted defense solutions
will help organizations achieve cyber resiliency over the next few years. A tireless student of the global
environment, Emilio stresses geopolitics as a driving force behind state-backed cyber activity.

21
21
Editor-In-Chief
TOP CYBER
NEWS
MAGAZINE
and
RAISE THE
CYBERSECURITY
CURTAIN!
Ludmila Morozova-Buss
Cybersecurity
Woman “Influencer” of the
Year 2020

MAGAZINE
TOP CYBER NEWS
CYBER FOR GOOD
We communicate
Technology, Innovation, and Cybersecurity
“As leaders, we must use technology correctly if we are to meet the
expectations of our new stakeholders. Yet we have seen how technology
is open to abuse, misuse and malicious intent.
And, with the benefit of historical perspective, we have seen how many
of the noble uses to which technology has initially been put have given
rise to unwelcome and unforeseen consequences”
‘Tech for Life’ by Jim HAGEMANN SNABE,
Chairman at Siemens and A. P. Moller Maersk
Tech-Utopia or Tech-Dystopia?

Top Cyber News Magazine Daniel Ehrenreich

Recommended

Recommended

More Related Content

Similar to Top Cyber News Magazine Daniel Ehrenreich

Similar to Top Cyber News Magazine Daniel Ehrenreich (20)

More from TopCyberNewsMAGAZINE

More from TopCyberNewsMAGAZINE (9)

Recently uploaded

Recently uploaded (20)

Top Cyber News Magazine Daniel Ehrenreich